Financial Services Cloud Forum

 View Only
Expand all | Collapse all

Feedback Wanted: GenAI controls approach

  • 1.  Feedback Wanted: GenAI controls approach

    Posted Thu December 07, 2023 11:31 AM

    The financial sector continues to wrestle with how to leverage Generative AI in an open, trusted, and explainable manner. The lack of an industry standard framework of controls leaves each organization to try and figure it out on their own. As part of IBM’s Financial Services Cloud Council, a working group of over two dozen financial institutions is banding together to identify which controls are imperative in developing a sound Generative AI Security, Risk, and Governance program.

    Based on the chart above, what are additional considerations that people think are important to include in a Generative AI control framework?

    Feedback and thoughts are welcomed in response to this thread.

    Thank You
    @Asif Riaz



    ------------------------------
    Financial Services Cloud Community Team
    ------------------------------


  • 2.  RE: Feedback Wanted: GenAI controls approach

    IBM Champion
    Posted Mon December 18, 2023 07:57 AM

    @Asif Riaz thank you for posting this - this is a very good tactical and implementation direction - appreciate all of the work!!  The harder challenge remains the lack of consistency and need for harmonization of varying regulations. There needs to be an overarching holistic AI governance framework that encompasses key principles and controls from various regulations.  At a strategic level there needs to be mechanisms that allow the framework to be flexible enough to accommodate the specific nuances of each regulation while maintaining consistency in core governance principles.  That might result in a myriad of scenarios and risk assessments and mitigations but a thorough risk assessment to identify potential compliance risks and gaps associated with each of the different regulations and then develop mitigation strategies and controls that address these risks/gaps while harmonizing as much as possible in transparent and explainable documentation is critical.  again KUDOS on the work thus far - more needed and this should be a priority for the Council and Forum (my 2cents)



    ------------------------------
    Weiyee In
    CIO
    Protego Trust Bank
    ------------------------------



  • 3.  RE: Feedback Wanted: GenAI controls approach

    IBM Champion
    Posted Mon December 18, 2023 06:03 PM

    @Asif Riaz is there some sort of integration we can do with watsonx.ai for dynamic compliance monitoring system that can monitor changes in regulations based on the evolving legal landscape to ensure ongoing compliance?  If there is a way to integrate scenario analysis for that as I mentioned above that would be really compelling.



    ------------------------------
    Weiyee In
    CIO
    Protego Trust Bank
    ------------------------------



  • 4.  RE: Feedback Wanted: GenAI controls approach

    IBM Champion
    Posted Mon December 18, 2023 08:30 PM

    On the explainability and transparency bit - Decision-makers within financial institutions need to understand and explain any and all AI-driven decisions and adoptions to Boards and Regulators - hence the rapid adoption of email copilots because despite all of its risks and potential vulnerabilities it is something easily explainable.  But then the questions about regulatory inconsistencies and harmonization creep out again - the EU AI Act requires businesses to disclose when any content has been generated by AI for informed decision-making does that include email copilots?  The California CCPA mandates "Pre-use Notices" to inform consumers about how companies intend to use automated decision-making technologies (ADMT) i.e.* ADMT supporting bank employees? - How does that extend to copilots in emails from financial services firms?  How would that line be drawn and how would that workflow look like?



    ------------------------------
    Weiyee In
    CIO
    Protego Trust Bank
    ------------------------------



  • 5.  RE: Feedback Wanted: GenAI controls approach

    Posted Tue December 19, 2023 08:56 AM

    Appreciate the feedback, Weiyee. The development of GenAI controls approach continues to be a focus area for us. As we continue down the path of further developing/refining the GenAI controls approach, we will need to ensure that the core GenAI regulatory principles/requirements from various regulatory bodies are being accounted for; granted there aren't many contradictory requirements.



    ------------------------------
    Asif Riaz
    ------------------------------



  • 6.  RE: Feedback Wanted: GenAI controls approach

    IBM Champion
    Posted Tue December 19, 2023 11:04 AM

    Thank you sir!! you have work cut out lol



    ------------------------------
    Weiyee In
    CIO
    Protego Trust Bank
    ------------------------------



  • 7.  RE: Feedback Wanted: GenAI controls approach

    IBM Champion
    Posted Wed December 20, 2023 06:49 AM

    how do we prioritize against timing vs severity, vs market?  California CCPA is trying for formal rulemaking procedures expected to start early 2024, versus EU AI Act currently expected to apply in early 2026, versus China already implementing and US federal level in early days or fragmentation?



    ------------------------------
    Weiyee In
    CIO
    Protego Trust Bank
    ------------------------------